Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/rCh_gHYaIffnmVr4olG4RtTeP-A.roa
File:                     rCh_gHYaIffnmVr4olG4RtTeP-A.roa (raw, json)
Hash identifier:          ozDxkB5trdiohu8LeTQKjtiZqEbQopc2Vv1pc+OSi+Q=
Subject key identifier:   AC:28:7F:80:76:1A:21:F7:E7:99:5A:F8:A2:51:B8:46:D4:DE:3F:E0
Certificate issuer:       /CN=b72945f57103153a07854e74e227f2aec1c5f430
Certificate serial:       0192D68472C571B72BA14F8FE7223EFFCF3E
Authority key identifier: B7:29:45:F5:71:03:15:3A:07:85:4E:74:E2:27:F2:AE:C1:C5:F4:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/rCh_gHYaIffnmVr4olG4RtTeP-A.roa
Signing time:             Tue 29 Oct 2024 04:24:17 +0000
ROA not before:           Tue 29 Oct 2024 04:24:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215567
IP address blocks:        185.143.72.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:d6:84:72:c5:71:b7:2b:a1:4f:8f:e7:22:3e:ff:cf:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b72945f57103153a07854e74e227f2aec1c5f430
        Validity
            Not Before: Oct 29 04:24:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ac287f80761a21f7e7995af8a251b846d4de3fe0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:ca:38:d6:9b:c3:b6:41:2c:db:a1:fe:3c:46:
                    fe:cf:c2:8e:2d:dd:60:29:9e:ad:e7:d1:0e:2a:66:
                    bd:38:50:ff:ca:26:3b:4e:ab:7f:23:2c:fc:17:27:
                    8f:38:d9:34:79:f3:a9:8e:f2:f3:e3:cb:c8:17:61:
                    dc:70:f5:f3:32:74:d3:13:c4:e9:37:fb:c3:41:ec:
                    12:79:52:0d:43:06:b5:5e:ee:26:33:dc:b8:44:71:
                    1a:7e:97:37:3e:b9:8a:12:e1:5f:4b:4a:ec:c0:55:
                    4b:e2:1f:e6:a8:f0:d0:16:04:c0:76:31:90:91:5e:
                    d8:9d:2e:73:cb:62:1a:da:70:fb:b3:e5:16:85:41:
                    c7:1c:67:12:f2:07:d4:54:75:40:00:d9:b5:fe:4e:
                    49:64:73:96:25:0d:c3:06:64:19:6a:b6:8a:7d:23:
                    2b:e5:13:25:19:51:aa:e8:b0:ad:bc:ee:1e:19:de:
                    85:92:b0:fe:bb:de:ca:2d:f3:b7:c0:30:64:54:17:
                    16:53:89:c8:11:3c:76:7b:0a:24:cd:15:d5:2f:b2:
                    97:12:b3:dc:51:42:cd:83:56:70:7f:47:fe:39:19:
                    b0:dd:4e:bb:a7:4d:ca:bd:d1:25:76:d9:19:7b:b0:
                    c9:09:28:2b:8f:5e:0e:3f:a8:75:3d:48:5e:80:e0:
                    49:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:28:7F:80:76:1A:21:F7:E7:99:5A:F8:A2:51:B8:46:D4:DE:3F:E0
            X509v3 Authority Key Identifier:
                keyid:B7:29:45:F5:71:03:15:3A:07:85:4E:74:E2:27:F2:AE:C1:C5:F4:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/rCh_gHYaIffnmVr4olG4RtTeP-A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.143.72.0/24

    Signature Algorithm: sha256WithRSAEncryption
         16:9d:84:d1:4f:03:ef:f6:8d:58:bf:97:23:8e:33:4b:fa:99:
         37:23:af:d2:7d:bc:b8:1b:9b:6c:2f:1d:51:30:be:5f:e7:97:
         d6:91:7d:fe:e8:90:94:d7:c6:05:65:ee:1d:86:ab:dc:18:09:
         fd:d1:51:11:05:05:59:19:df:f2:8d:91:e8:9d:ca:80:db:1e:
         ff:93:58:aa:ab:59:9e:a7:af:2e:41:7c:d4:38:1d:69:8d:f9:
         e2:95:9e:56:32:be:43:8c:da:4b:b4:95:d6:ad:85:b5:54:6d:
         e7:9a:30:14:9e:6f:f0:9f:2b:ba:90:7c:47:b4:28:88:7f:0f:
         da:d2:b3:03:dc:99:32:6d:90:1e:8f:9d:f0:09:c5:0d:86:ce:
         30:b0:c9:ba:db:9d:cd:53:f1:99:22:16:91:b5:3b:22:1f:43:
         07:83:7b:ed:c6:5e:c7:c0:69:a0:2b:3a:ed:b1:cf:54:5a:ec:
         59:3d:ca:14:be:47:56:db:2d:c1:51:d5:6b:f5:53:29:90:86:
         b1:ce:f7:33:86:f1:a9:ff:ca:d4:b5:73:22:69:2e:77:90:ce:
         56:43:c9:65:50:40:5b:96:b5:b0:86:a4:19:31:ca:55:e5:5d:
         ba:f5:0f:f3:7d:7d:19:35:41:84:8b:ec:4e:17:3b:6f:b0:1c:
         cd:83:0d:85
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZLWhHLFcbcroU+P5yI+/88+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3Mjk0NWY1NzEwMzE1M2EwNzg1NGU3NGUyMjdmMmFlYzFj
NWY0MzAwHhcNMjQxMDI5MDQyNDE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzI4N2Y4MDc2MWEyMWY3ZTc5OTVhZjhhMjUxYjg0NmQ0ZGUzZmUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmMo41pvDtkEs26H+PEb+z8KOLd1g
KZ6t59EOKma9OFD/yiY7Tqt/Iyz8FyePONk0efOpjvLz48vIF2HccPXzMnTTE8Tp
N/vDQewSeVINQwa1Xu4mM9y4RHEafpc3PrmKEuFfS0rswFVL4h/mqPDQFgTAdjGQ
kV7YnS5zy2Ia2nD7s+UWhUHHHGcS8gfUVHVAANm1/k5JZHOWJQ3DBmQZaraKfSMr
5RMlGVGq6LCtvO4eGd6FkrD+u97KLfO3wDBkVBcWU4nIETx2ewokzRXVL7KXErPc
UULNg1Zwf0f+ORmw3U67p03KvdEldtkZe7DJCSgrj14OP6h1PUhegOBJJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKwof4B2GiH355la+KJRuEbU3j/gMB8GA1UdIwQY
MBaAFLcpRfVxAxU6B4VOdOIn8q7BxfQwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHlsRjlYRURGVG9IaFU1MDRpZnlyc0hGOURBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS81ZjY5MDYtM2ZiMC00ZGZmLThkMDEt
MmEwOWNjNTNhODA1LzEvckNoX2dIWWFJZmZubVZyNG9sRzRSdFRlUC1BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS81ZjY5MDYtM2ZiMC00ZGZmLThkMDEtMmEwOWNjNTNhODA1
LzEvdHlsRjlYRURGVG9IaFU1MDRpZnlyc0hGOURBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuY9IMA0G
CSqGSIb3DQEBCwUAA4IBAQAWnYTRTwPv9o1Yv5cjjjNL+pk3I6/Sfby4G5tsLx1R
ML5f55fWkX3+6JCU18YFZe4dhqvcGAn90VERBQVZGd/yjZHoncqA2x7/k1iqq1me
p68uQXzUOB1pjfnilZ5WMr5DjNpLtJXWrYW1VG3nmjAUnm/wnyu6kHxHtCiIfw/a
0rMD3JkybZAej53wCcUNhs4wsMm6253NU/GZIhaRtTsiH0MHg3vtxl7HwGmgKzrt
sc9UWuxZPcoUvkdW2y3BUdVr9VMpkIaxzvczhvGp/8rUtXMiaS53kM5WQ8llUEBb
lrWwhqQZMcpV5V269Q/zfX0ZNUGEi+xOFztvsBzNgw2F
-----END CERTIFICATE-----